Skip Navigation
Get a Demo
 
Detection Engineer

Thomas Gardner

Thomas is a detection engineer at Red Canary, where he splits his time investigating threats to our customers and developing new methods of finding them. Prior to Red Canary, Thomas worked at CenturyLink in various roles spanning incident response, threat hunting, and threat intelligence. Outside work, he enjoys scaling rock walls with dainty rubber shoes and fistfuls of chalk.
By This Author
Investigating server compromises with cgroups: A Linux DFIR primer
May 13, 2026
Linux security
Investigating server compromises with cgroups: A Linux DFIR primer
How cloud architects and detection engineers can work together
May 29, 2024
Security operations
How cloud architects and detection engineers can work together
By the same token: How adversaries abuse AWS cloud accounts and APIs
December 5, 2023
Cloud security
By the same token: How adversaries abuse AWS cloud accounts and APIs
How process streams can help you detect Linux threats
August 3, 2022
Linux security
How process streams can help you detect Linux threats
The adversary’s gift: When one technique opens a Pandora’s box
July 28, 2021
Linux security
The adversary’s gift: When one technique opens a Pandora’s box
Research ATT&CK techniques from the comfort of your VSCode editor
April 14, 2021
MITRE ATT&CK
Research ATT&CK techniques from the comfort of your VSCode editor
 

See Red Canary in action

Watch the 10-minute demo now.
Watch the demo

Security gaps? We got you.

Sign up for our monthly email newsletter for expert insights on MDR, threat intel, and security ops—straight to your inbox.

 
 
 
 
Back to Top